Leak_Technologies/HULL
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add range check for UI text buffer

Browse Source 
It can't overflow because buff and text have the same max length (1024
and MAX_TOKENLENGTH).
This commit is contained in:
Zack Middleton 2024-05-15 19:32:32 -05:00 committed by Tim Angus
parent 797168fa08
commit c8553223ec
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
code/ui/ui_shared.c
View File

@ -3001,6 +3001,7 @@ void Item_Text_Wrapped_Paint(itemDef_t *item) {
char text[1024];
const char *p, *start, *textPtr;
char buff[1024];
int length;
int width, height;
float x, y;
vec4_t color;
@ -3032,11 +3033,14 @@ void Item_Text_Wrapped_Paint(itemDef_t *item) {
start = textPtr;
p = strchr(textPtr, '\r');
while (p && *p) {
strncpy(buff, start, p-start+1);
buff[p-start] = '\0';
length = p-start+1;
if (length > sizeof(buff)) {
length = sizeof(buff);
}
Q_strncpyz(buff, start, length);
DC->drawText(x, y, item->textscale, color, buff, 0, 0, item->textStyle);
y += height + 5;
start += p - start + 1;
start += length;
p = strchr(p+1, '\r');
}
DC->drawText(x, y, item->textscale, color, start, 0, 0, item->textStyle);